analysis and management of risk related to...
TRANSCRIPT
http://www.iaeme.com/IJM/index.asp 20 [email protected]
International Journal of Management (IJM)
Volume 10, Issue 6, November-December 2019, pp. 20–32, Article ID: IJM_10_06_003
Available online at http://www.iaeme.com/ijm/issues.asp?JType=IJM&VType=10&IType=6
Journal Impact Factor (2019): 9.6780 (Calculated by GISI) www.jifactor.com
ISSN Print: 0976-6502 and ISSN Online: 0976-6510
© IAEME Publication
ANALYSIS AND MANAGEMENT OF RISK
RELATED TO USING CLOUD COMPUTING IN
BUSINESS: EMPLOYEE’S PERCEPTION
Prof. Sultan Abdulrahman Tarawneh
Prof. of Project Construction Management, Department of Civil and Environmental
Engineering, Mutah University. Karak, Jordan
Alaa Alaa Abdulrahman
Master’s Degree of Engineering Project Management,
The University of Jordan, Amman, Jordan.
ABSTRACT
With the recent advancement of the technology and its application to our daily
business and social life; precisely the cloud computing system, however it has a risks
that might lead to hesitation and lose of enthusiasm of using it. The main objective of
this research is to find the risk factors, which may affect the business performance of
the companies that use “Cloud Computing”, and understand the consequences and its
managements. To the best of my knowledge, this is the first study in Iraq on risk analysis
and managements in cloud computing. The objectives achieved by distributing a
questionnaire to 30 private companies in Iraq which are using cloud computing to risk
managements by interviewed the employees who were responsible on managing “Cloud
Computing” in their companies. That leads to recognize the potentials risk, and how
much impact we might make to take the right decision in order to manage the risk to
help using “Cloud Computing” without fears.
Keywords: Cloud computing, risk analysis, Risk management
Cite this Article: Sultan Abdulrahman Tarawneh and Alaa Alaa Abdulrahman,
Analysis and Management of Risk Related to Using Cloud Computing in Business:
Employee’s Perception, International Journal of Management, 10 (6), 2019,
pp. 20–32.
http://www.iaeme.com/IJM/issues.asp?JType=IJM&VType=10&IType=6
1. INTRODUCTION
The “Cloud” is an expression, which was initially used to refer to the Internet in network
schemas. It has been defined as an initial sketch of the Cloud, which is used to represent data
transfer from data centers to its final position on the other side of the Cloud. The idea of the
programs flashed when “John McCarthy”, a professor at Stanford University, expressed the
idea, which said: "Computing might be organized to become one day a public service." Time
Sharing Could will be the future in which energy is sold and even the private applications as a
Sultan Abdulrahman Tarawneh and Alaa Alaa Abdulrahman
http://www.iaeme.com/IJM/index.asp 21 [email protected]
service through the business model. Indeed, that notion was very popular in the late 1960s by
“Douglas Parkhill” in his book, “The Challenge of the Computer Utility”, but it was disappeared
in the mid-1970s when it has become clear that, the modern technology in the field of the
information technology could not sustain this model of future computing, but this idea has
recently returned to become a common term in the technological circles, and institutions in our
time [1].
The concept of the Cloud Computing has revolutionized the ideas and applications of IT
services, especially with regards to the infrastructure solutions which enterprises rely on to
facilitate their operations, and found many large and small enterprises involved in this new
system [2].
So, it is very important to know how the Cloud Computing is processing, and how to control
the transferred data in cloud securely.
Almorsy, et al. had defined the Cloud Computing as “a new mathematical model, which
provides an innovative business model for organizations to adopt the information technology
without a prior investment" [3].
The most widely used definition of the Cloud Computing model has introduced by NIST as
“A model which provides access to a convenient network on demand to a common set of a
configurable computing resources (such as networks, servers, storage, applications, and
services) that can be quickly delivered and launched with minimal administrative effort, or
service provider interaction” [4].
While other had defined the Cloud Computing as a new way to provide any users access
data, and use any data in the Cloud, it just needs an access with an internet [2].
Foster, et al.[5] had based a study that the Cloud Computing defined as a type of a dispenser
computing, which get more benefits, such as economics scale in providing a range of virtual,
dynamic, and scalable computing power and extensible storage, when the customer using it via
an internet.
According to Kleinrock The Cloud Computing has been defined by an organization to be
someday as a public utility like the telephone system, in the coming days the computer can be
a new and an important tool in the industry [6].
All over the previous definitions, the Cloud Computing should have an environment
characterized by the service basis, scalable and elastic, shared, metered by use especially in
public Cloud, and delivered by the Internet. Regardless to the slight differences in the
definitions of the Cloud Computing by researchers, The Cloud Computing shares the following
basic characteristics as in the following paragraph.
Nowadays, companies of various sizes are widely distributed; each company needs to have
more advantages than the others, in order to be distinguished from the others by using a new
technology to improve its performance, such as Cloud Computing. Cloud Computing allows
the users to be able to get an access to their data through any device just by logging in to the
Internet. Furthermore, this new technical work doesn’t need to install any software to get the
job done, so it will save the company time, cost and win the customers satisfaction [2].
The atmosphere of the private companies are more flexible to change the company's trends
based on new technologies to create new business structure, and get new opportunities, but this
fact created a challenge that the authorities and the public companies feel that the new
technology is imposed on private companies.
The cloud service provides a flexible, low-cost way to access the IT resources, which will
be needed to support the diverse operations of businesses. If somebody chooses to work with
Cloud Computing, there will be no need to invest in advance in any equipment or spend time
on the technical complications of managing this equipment. In turn, you can select the right
Analysis and Management of Risk Related to Using Cloud Computing in Business: Employee’s
Perception
http://www.iaeme.com/IJM/index.asp 22 [email protected]
size, and type of IT Platform to support your online-based projects. You can access any
resources immediately, and should pay to the one usage only [2]. But at the same time, recently
the cloud is a hot topic of businesses, and many risks have been added. Information about
individuals and companies, for example placed in the cloud will make concern about the
security of the environment.
2. CLOUD COMPUTING CHARACTERISTIC
In this section we will explain the characteristics of the Cloud Computing, as the Cloud
Computing has five basic characteristics defined by special standards described by NIST, and
some others characteristics added by previous studies:
On-demand self-service: provides the convenience to the user, as the user can request one or
more services as needed, and payment, using a ‘‘pay-and-go’’ technology, without dealing with
people, just through the control panel via an internet [4]
Broad network access: Easily providing a service to the people, as an availability of services
and resources by different sellers, in different areas to everyone via sites based on Cloud
Computing. The terms ‘‘easy-to-access standardized mechanisms’’ and ‘‘global reach
capability’’, these terms are also referring to the same characteristic [10]
Resource pooling providing a set of recourses as a single common resource such as memory,
storage, and network dimensions. This means, the user doesn’t need to know where the custom
resources are located; this helps vendors to provide real or virtual resources in a dynamic way
[7]
Rapid elasticity: elasticity is basically another name for sociability. Elasticity is defined as the
ability to increase resources or reduce them according to the user's need. The user can request
resources needed at any time. This feature is very useful, the amazon has launched a name for
the most common service and used the Elastic Computer Cloud (EC2) [4]
Measured service: The measured service indicates that Cloud Computing has the ability to
control several different aspects of the cloud automatically, with several levels of resources for
both vendors and users whether controlled, monitored, and improved [4].
Multi-Tenacity: This feature refers to the need for policy based enforcement, retailing, isolation,
governance and service levels, and chargeback/billing models for different consumers [8].
Auditability and verifiability: indicate that the organizational commitment requires the
implementation of rules and regulations. It is important for services to prepare the clear records
and folders, the possibility of policy tracking to ensure that they are implemented correctly [10].
3. ARCHITECTURE OF CLOUD COMPUTING
The Cloud Computing allows user to be able to get an access to the data through any devices,
just he needs to get an access to the Internet, and however there is no need to install any
software. The Cloud Computing provides three types depended on service provided:
(infrastructure as a service, platform as a service and software as a service): [1].
Infrastructure-as-a-Service (IaaS) enables the saving of storage, hardware and other
components, these models reduce cost, because customers pay only for resources they really
use. This service provides the following Cloud-Computing provider: Default server (CPU,
RAM, and Storage) and OS. This service provides the companies with the ability to set up their
own information centers and use this service to install their applications. The company does not
need a programmer to run this service, but it needs a system administrator.
Platform-as-a-Service (PAAS) this model provides the integrated environment for web base
application (building, testing and running). It is a special environment service for the owners of
applications, to focus their applications on it through the Internet, and then provide special
services through the Internet for subscribers, this service requires those who work to be
specialized in programming, as the provider of the Cloud Computing provides the following
Sultan Abdulrahman Tarawneh and Alaa Alaa Abdulrahman
http://www.iaeme.com/IJM/index.asp 23 [email protected]
user: Default server (CPU, RAM, Storage), OS, Database system and Programmable tools
[15,13] Many services are offered in this way, for example, Netflix, where the company leased
PAAS from Amazon and implemented an application, which enables the subscriber to watch
the movie, or television show he wants, for a monthly subscription.
Software-as-a-Service (SAAS) this model is enables the application service for the user via the
Internet. It is a service providing applications which are ready to work through the Internet, or
private networks, and does not require an IT specialist, and we use on a daily basis, such as
Gmail and Facebook, add to this the services for business, such as Google Docs, Microsoft 365,
and Salesforce.com, and there are many Of applications which daily appear as it is one of the
most widely used layers in Cloud Computing for its features which allow users to use the web
browser as an interface over the Internet without the need to install the program in the local data
center, increase the speed, reduce the frontal costs, reduce or eliminate the risk of software’s
licensing, remove the incompatibility of the version, and application programming interfaces
(APIs), allow integration with different. [7].
Here we will discuss the cons and proms of the Clouding System, and how it might affect
the company performance:
3.1. Benefit of the Cloud Computing
Cloud Computing is very useful especially for small and medium sized businesses, because of
the availability of IT tools at affordable prices in comparison to the benefits they provide,
helping them become more productive without spending a lot of money on equipment, and
technical resources. Large companies are now moving towards the Cloud Computing for a
variety of reasons, including cost savings, remote access and information sharing, facilitating
real-time collaboration capabilities.
3.1.1 Improved Business Service
According to hashemi, et al., the Cloud Computing provide a better performance of the business
by increase the ability to access data by any person in the organization, from any location, at
any time [11].
3.1.2 Cost Reduction and Efficiency Increment
According to west [26], using the Cloud Computing will save cost by excluding investment in
data center, or any infrastructure, and reducing the human recourses and manpower
requirements for maintenance of the infrastructure or supporting it. According to Pekane [20],
the Cloud Computing is one of the services man can count on. Many programming companies
offer excellent customer service through the hiring of experts, making any disruption to the
Cloud Computing service easy to handle, and fix as quickly as possible, also the Cloud
Computing provides a server to save backups, software developers are trying to do everything
possible to access the top technology in this aspect. As a result, developers are running multiple
servers, which mean that there is no need to worry about downtime if a server happens to have
a sudden failure.
3.1.3 Flexibility of Work & Collaboration and Sharing of Information
According to Lanman, et al. [14] rescuers can be increased or reduced depending on workload
and access data from anywhere, by any devices (mobile, laptop, tablet and etc…) via Internet.
3.1.4 Save Time
According to Ali, [27] all services that will be provided via Cloud Computing do not need a
software to be installed, as well as the Cloud provider is responding nearly in a real time without
delay, and waiting to the service to be arrived. The Cloud Computing is available anywhere you
have an Internet connection, which mean that all images, and files of any kind stored on the
Cloud Computing can be accessed by the user since he is in a place where an Internet access is
available.
Analysis and Management of Risk Related to Using Cloud Computing in Business: Employee’s
Perception
http://www.iaeme.com/IJM/index.asp 24 [email protected]
3.1.5 Enhanced Quality of Service
The Cloud Computing environment can guarantee an enhanced level of quality of services
offered to the users, such as hardware performance, e.g., I/O bandwidth, memory size and CPU
speed. Cloud Computing renders quality of service (QOS) by handling Service Level
Agreement (SLA) with clients [24].
As mentioned by Pekane [20], the Cloud Computing may not have a direct impact on
quality, but as the Cloud Computing enhances the time efficiency, the quality will be improved.
The time efficiency gives the members of the project team abundant time to check the items
in order to meet the required expectations, before deadlines are reached.
3.2 Risk of Cloud Computing
Cloud privacy and security issues are the most concerns in the Cloud Computing, because data
storage, sharing and being accessible by anyone in the organization, precisely, in public the
Cloud Computing as the data storage managed by the Cloud service provider, the most
important concern about privacy issues is the lack of the user control and unauthorized
secondary usage [19]while the most security issues concerns are access, control over data life
cycle and multi tenancy.
3.2.1 Data Location
In fact, the users of the Cloud Computing do not know where the data will be stored, where the
consumer loses physical access mechanisms used, and leads to the problem of information
privacy where the consumer fears that other peoples have access on their information, [22].
3.2.2 Investigative Support
The investigation of illegal or inappropriate activity may be almost impossible in cloud
computing, and is difficult to achieve, because The Cloud Computing supports data collection
with other data for other consumers and may be shared on-site and can also spread constantly
changing data across multiple data centers, The investigation is difficult,[22].
3.2.3 Data Segregation
As the Cloud providers are working to share resources in the Cloud environments in terms of
storage to reduce cost, but at the same time will lead to risk because the data from different
consumers will be shared in one environment [22]
3.2.4 Long-term Viability
Cloud service providers should ensure that in the event of any negative business situations such
as downtime, natural disaster or attack, customer should make sure that your private data
remains available after these attempts. Service providers must ensure that consumer data are
safe and always available, [22].
3.2.5 Recovery
Each Cloud provider must make sure, that there is a second place to store the consumer’s data,
where they want to be careful and provide backups in a data center for all consumers. In case
of any data loss or damage, the service provider will restore data from a second symmetry
center, [22].
3.2.6 Regulatory Compliance
Actually, the customers are responsible for the integrity of their data. They must ask the Cloud
service provider for external audits, and security certificates, as well as security guarantees
rather than guarantees are committed to the infrastructure. The presence of an external audit
service and security requirements increases consumer confidence. The lack of these services
reduces trust and indicates that the consumer can only use them for more trivial functions, [13].
Sultan Abdulrahman Tarawneh and Alaa Alaa Abdulrahman
http://www.iaeme.com/IJM/index.asp 25 [email protected]
3.2.7 Privileged User Access
The use of external institutions to deal with the sensitive data brings great risks with, as it is
necessary to transfer, access, publish and distinguish employees only to deal with. For this
purpose, the Cloud service providers must provide an accurate information to the consumer
about the hiring, supervising, and controls on their arrival to the information as well as Adopt
administrative rules to determine the specific access to cloud data, [13]. 4. Related Work of
Risk Management
Literature Review is the basis for any research work. In this Thesis, the current contents of
the Cloud Computing and the related risks are reviewed. To achieve a sufficiently broad scope
and to take into account all relevant points of view, a thorough analysis of the relevant literature
is a prerequisite.
Fitó and Guitart [12] presented a new model for the Cloud Computing security risk
assessment, which is Semi-quantitative BLO-driven, Cloud Risk Assessment (SEBCRA)
approach. This approach has four steps; the first step is Semi-quantitative BLO- oriented Cloud
Risk Assessment (SEBCRA), the second step is risk reporting, the third step is: risk treatment
and mitigation, and finally risk monitoring. The Cloud Computing has two types of providers:
Cloud service provider (CSP) and Infrastructure service provider (ISP). The Authors used the
Cloud CSP to apply the model of risk assessment, which showed the achievement of maximum
profit (91% of the price paid by clients) by transferring risks to a third-party Cloud
Infrastructure Providers.
The authors proposed the quantitative risk and impact assessment framework (QUIRC), this
method analyzes and assesses the risk and measures the impact of risk under six security criteria
for the Cloud Computing, [23].
Tanimoto, et al. [25] authors in this paper present a new method, this method is combination
between decision tree analysis by risk breakdown structure to find risk factor and risk matrix,
risk matrix is a classified risk in to four kinds, risk avoidance, risk mitigation, risk acceptance,
and risk transference to advance performance with low cost and time.
Furuncu and Sogukpinar [16] the author proposed the game theory to protect of risk when
use the Cloud Computing, this method compared the perfect user using the assets value, with
the risk that Could may cause to the assets of the cloud provider.
Djemame, et al. [17[ used a risk management to the Cloud Computing and evaluate service
provider through the service lifecycle presented by the Risk Assessment Modeling- IP Service
Operation. This model divided into many steps: risk inventory, vulnerability identification,
threat identification, data monitoring, event analysis, quantitative risk analysis and assessed risk
decision making. The author applied this model in two experiments. The First experiment is a
prototype evaluation to provide an end user through real time feedback across actual service
level. Which showed the high risk when there is a use of a resource from the VM's operating
system with in-boot up sequence and/ or from tomcat container, and the risk level will subside
if there is a use of establishes resources. The Second, functional evaluation, the objective is to
make sure that the impact of Cloud environment and risk limitation input for the output over
time with regard to IP service operation by the use of fabricated monitoring metrics.
Chang, et al. [18] The authors in this paper proposed organizational sustainability modeling
(OSM), which is a data analysis and processing system to be derived of capital asset pricing
model (CAPM) but advance to meet the specific needs of the Cloud Computing.
The proposed risk inform Cloud adoption framework based on understand, manage risk and
truest between service provider and companies by analysis the data from expert opinion using
Delphi technique [9].
Analysis and Management of Risk Related to Using Cloud Computing in Business: Employee’s
Perception
http://www.iaeme.com/IJM/index.asp 26 [email protected]
4. METHODOLOGY STRUCTUR
This Thesis will use the security risk management framework for the Cloud Computing.
Especially, focus on an internal risk for the Cloud Computing. This mean, risk in the Cloud
Computing by view of employees responsible for manage Cloud Computing of private
company in Iraq, to achieve the best performance. As results, this company gains the customer
satisfaction at a low cost and time. This research will depend on the basic steps of the risk
analysis.
This approach has five phases:
1- Distribution the questioner to employees responsible for managing the Cloud Computing
and collecting the data required for the analysis.
2- Risk analysis phase, after the collection of all information, we use the risk level
estimation to understand the point of view of each trend that has a coefficient and an impact on
the Cloud Computing used in the company. [21]
RLEi= Li * li (1)
Li: probability of given risk. Ii: The impact of indicate.
3- Risk evaluation phase, in this phase we found what is the risk need to be treated and what
is not need to be treated based on interview with the manger of company to understand how
much impact on the company’s performance and probability of recurrence when we use the
Cloud Computing.
4- The risk treatment phase, in this phase find a suitable management case, which depends
on likelihood of occurrence of risk and impact of risk for companies by comparing the result
from evaluation phase and criteria risk matrix low risk: less than 5, medium risk: 5-15, and high
risk: 15-25.
Finally make the Best decision control for the risk level, by treatment measure: risk
acceptance, risk transfer, risk mitigation, and risk avoidance.
5- Risk review and monitor
5. DATA ANALYSIS
The aim of this section is to find what the risk, which needs to be treated, is, and what is not
needed to be treated, based on the interview with the mangers of the companies after data
analysis to understand how much impact on the company’s performance, and probability of
recurrence when they use the Cloud Computing. Then it comes to the finding of a suitable
management case depending on likelihood of occurrence of risk and impact of risk for
companies by comparing the result from evaluation phase and criteria risk matrix, finally
making the Best control decision for the risk level by the treatment measurement to find
conclusion. The results obtained from interviews with those responsible people for managing
the Cloud Computing are shown in tables (1 and 2).
Table 1 Likelihood of Occurrence for Risk
Risk
Likelihood
Of Occurrence (Mean)
Very low
1
woL
2
eoaMedoM
3
High
4
hMeh VreV
5
1-Data location 1 2 3 4 5
2-Investigative support 1 2 3 4 5
Sultan Abdulrahman Tarawneh and Alaa Alaa Abdulrahman
http://www.iaeme.com/IJM/index.asp 27 [email protected]
3-Data segregation 1 2 3 4 5
4-Long-term viability 1 2 3 4 5
5- Recovery 1 2 3 4 5
6-Regulatory compliance 1 2 3 4 5
7-Privileged user access 1 2 3 4 5
8-Lack of authentication
mechanisms 1 2 3 4 5
9-App server to the
database server is un
clear
1 2 3 4 5
10-Loss of local power 1 2 3 4 5
Table 2 The impact of risk
Risk
Impact
Of indicate (Mean)
Very low
1
woL
2
eoaMedoM
3
High
4
hMeh VreV
5
1-Data location 1 2 3 4 5
2-Investigative support 1 2 3 4 5
3-Data segregation 1 2 3 4 5
4-Long-term viability 1 2 3 4 5
5- Recovery 1 2 3 4 5
6-Regulatory compliance 1 2 3 4 5
7-Privileged user access 1 2 3 4 5
8-Lack of authentication
mechanisms 1 2 3 4 5
9-App server to the
database server is un
clear
1 2 3 4 5
10-Loss of local power 1 2 3 4 5
After that we analyze all results, and find the mean for all risk’s occurrence and impact as
shown in previous two tables, more over we will make the treatment phase depending on the
Equation as shown in chapter three, section 3.2, to find the risk level and take the right decision
for controlling the risk by comparing the level of risk we have found with the criteria level of
risk. Table 3 shows the risk level.
Table 3 The level of risks.
Risk
Risk Level
(Li*li)
yeobdbrbroh
tcadmo
Very low
1
woL
2
eoaMedoM
3
High
4
e
hMeh
VreV
5
1-Data location Very Low 1
Analysis and Management of Risk Related to Using Cloud Computing in Business: Employee’s
Perception
http://www.iaeme.com/IJM/index.asp 28 [email protected]
Risk
Risk Level
(Li*li)
yeobdbrbroh
tcadmo
Very low
1
woL
2
eoaMedoM
3
High
4
e
hMeh
VreV
5
woL 2
eoaMedoM 3 eoaMedoM
High 4
hMeh VreV 5
2-Investigative
support
Very low 1
woL 2
eoaMedoM 3
High 4 eoaMedoM
hMeh VreV 5
3-Data segregation
Very low 1
woL 2
eoaMedoM 3
High 4 hreV
hMeh VreV 5
4-Long-term viability
Very low 1
woL 2
eoaMedoM 3
High 4 hreV
hMeh hreV 5
5- Recovery
Very low 1
woL 2
eoaMedoM 3
High 4 hreV
hMeh VreV 5
6-Regulatory
compliance Very low 1
Sultan Abdulrahman Tarawneh and Alaa Alaa Abdulrahman
http://www.iaeme.com/IJM/index.asp 29 [email protected]
Risk
Risk Level
(Li*li)
yeobdbrbroh
tcadmo
Very low
1
woL
2
eoaMedoM
3
High
4
e
hMeh
VreV
5
woL 2
eoaMedoM 3 eoaMedoM
High 4
hMeh VreV 5
7-Privileged user
access
Very low 1
woL 2
eoaMedoM 3
High 4 hreV
hMeh VreV 5
8-Lack of
authentication
mechanisms
Very low 1
woL 2
eoaMedoM 3 woL
hreV 4
hMeh hreV 5
9-App server to the
database server is un
clear
Very low 1
woL 2
eoaMedoM 3 woL
High 4
hMeh VreV 5
10-Loss of local
power
Very low 1
woL 2
eoaMedoM 3
High 4 woL
hMeh hreV 5
From table 3 we found the level of recovery, data segregation privilege user access, and
long- term viability for all between 15- 25, which mean that the level of risk is really high based
on the criteria level of risk and should be avoided, the level of data location, investigation
support,
Analysis and Management of Risk Related to Using Cloud Computing in Business: Employee’s
Perception
http://www.iaeme.com/IJM/index.asp 30 [email protected]
Regulatory compliance for all between 5 and less than 15, which mean that the level of risk
is medium risk based on the criteria level of risks, the level of its lacks of authentication
mechanisms, App server to the database server is unclear and loss of local power are less than
5, that mean the level of risk is low risk based on the criteria level of risk. The following table
will illustrate the best decision to control the risk level compared with the risk level matrix.
Risk review and monitor, In the final step, the risks are monitored to ensure that everything
goes as desired, since you need to stay close to make sure that nothing had gone.
Table 4 The best decision control of risk
Risk Risk level
Li*li Best decision control
1-Data location Medium risk Transfer
2-Investigative support High risk Avoidance
3-Data segregation Medium risk Transfer
4-Long-term viability High risk Avoidance
5- Recovery High risk Avoidance
6-Regulatory compliance Medium risk Transfer
7-Privileged user access High risk Avoidance
8-Lack of authentication mechanisms Low risk Acceptance
9-App server to the database server is un
clear Low risk Acceptance
10-Loss of local power Low risk Acceptance
6. CONCLUSION AND FUTURE WORK
The objectives of this study are to identify the risks involved in the use of the Cloud Computing
in the companies from the point of view of employees in private the companies in Iraq, and
their impact on the performance of their companies and knowledge of the appropriate decision
to control risks compared to the matrix risk analysis. In this research we can conclude from the
results of the analyzed data collected. The impact of the data location, the regulatory
compliance, the lack of authentication mechanisms and the APP service to the database service
are unclear moderated. The investigation support, the data segregation, the privileged user
access; the long-term viability, the recovery, and the loss of local power have high impact of
risk. After we analyzed the risk, we managed the risk based on Matrix of risk; we found that
most of the risks can be transferred to a third party. If we have a high risk we should avoid, and
if we have low risk we should accept the risk.
For future work, it is possible to take a greater number of the risks in the Cloud Computing,
the internal risks of the companies by the view of the service providers and the customers
(Companies), study the relationship between the risks and their impact on both parties.
REFRENCES
[1] Jadeja Y.,Modi K. Cloud computing-concepts, architecture and challenges. In: Computing,
Electronics and Electrical Technologies (ICCEET), International Conference on. IEEE,
2012; p. 877-880.
[2] Nedev S. Exploring the factors influencing the adoption of Cloud computing and the
challenges faced by the business. Enquiry-The ACES Journal of Undergraduate Research,
2014; 5(1)
Sultan Abdulrahman Tarawneh and Alaa Alaa Abdulrahman
http://www.iaeme.com/IJM/index.asp 31 [email protected]
[3] Almorsy M, Grundy J, Müller I. An analysis of the cloud computing security problem.arXiv
preprint arXiv: 1609.01107, 2016.
[4] Mell P, Grance T. MELL, Peter; GRANCE, Tim. Effectively and securely using the cloud
computing paradigm. NIST, Information Technology Laboratory, 2009; 2(8): 304-311.
[5] Foster I, Zhao Y, Raicu I, Lu S. Cloud computing and grid computing 360-degree compared.
In: Grid Computing Environments Workshop, GCE'08. Ieee, 2008; p. 1-10
[6] Kleinrock L. A vision for the Internet. ST Journal of Research, 2005; 2(1): 4-5
[7] Mell P, Grance T. The NIST definition of cloud computing: Recommendations of the 33666
Instituteof Standards and Technology. Retrieved from
http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf (accessed on: December
18, 2011); 53(6):50.
[8] Espadas J, Molina A, Jiménez G, Molina M, Ramírez R, Concha D. A tenant-based resource
allocation model for scaling Software-as-a-Service applications over cloud computing
infrastructures. Future Generation Computer Systems, 2013; 29(1), 273-286
[9] Gupta S, Saxena K. B. C, Saini A. K. Towards Risk Managed Cloud Adoption: A Conceptual
Framework. In: Proceedings of the International Conference on Industrial Engineering and
Operations Management, Kuala Lumpur, Malaysia. 2016; p. 8-10.
[10] Hamdaqa, M, Tahvildari L. Cloud computing uncovered: a research landscape. In: Advances
in Computers. Elsevier, 2012. p. 41-85
[11] Hashemi S, Monfaredi K, Masdari M, Using cloud computing for e-government: challenges
and benefits. International Journal of Computer, Information, Systems and Control
Engineering, 2013;7(9), 596-603.
[12] Fitó J. O, GuitartFernández J. Introducing risk management into cloud computing. Computer
Architecture Department, Technical University of Catalonia, Tech. Rep. UPC-DAC-RR-
2010-33.
[13] Kaur P. J, Kaushal S. Security concerns in cloud computing. In: High Performance
Architecture and Grid Computing. Springer, Berlin, Heidelberg, 2011. p. 103-112
[14] Lanman J.T, Horvath S.D. Linos, P.K. Anticipated benefits of cloud computing adoption in
Australian regional municipal governments: an exploratory study. In: Proceedings of the
19th Pacific Asia Conference on Information Systems (PACIS). University of Southern
Queensland, 2015. p. 1-18
[15] Mather T, Kumaraswamy S, Latif S. Cloud security and privacy: an enterprise perspective
on risks and compliance. "(Theory in Practice) Sebastopol, CA, O'Reilly Media, Inc, 2009.
[16] Furuncu E, Sogukpinar I. Scalable risk assessment method for cloud computing using game
theory (CCRAM). Computer Standards & Interfaces, 2015; 38, pp 44-50.
[17] Djemame K, Armstrong D, Guitart J, Macias M. A risk assessment framework for cloud
computing. IEEE Transactions on Cloud Computing, 2016; 4(3), pp 265-278.
[18] Chang V, Walters R J, Wills G. B. Organizational sustainability modeling—An emerging
service and analytics model for evaluating Cloud Computing adoption with two case studies.
International Journal of Information Management,2016; 36(1), pp 167-179
[19] Pearson S, Benameur A. Privacy, security and trust issues arising from cloud computing. In\
Cloud Computing Technology and Science (CloudCom), IEEE Second International
Conference on 2010, November; IEEE, 2010, pp. 693-702
[20] Pekane A. Adoption of cloud computing to enhance project management processes and
outcomes in South Africa in the private sector Unpublished Doctoral Dissertation, Cape
Town University, Cape Town, South Africa, 2015.
[21] Alosaimi R, Alnuem, M. A Proposed Risk Management Framework for Cloud Computing
Environment. International Journal of Computer Science and Information Security, 2016;
14(8), 47.
Analysis and Management of Risk Related to Using Cloud Computing in Business: Employee’s
Perception
http://www.iaeme.com/IJM/index.asp 32 [email protected]
[22] Sangroya A, Kumar S, Dhok J, Varma, V. Towards analyzing data security risks in cloud
computing environments.In International Conference on Information Systems, Technology
and Management, 2010, March; Springer, Berlin, Heidelberg, 2010, pp. 255-265
[23] Saripalli P, Walters B. Quirc: A quantitative impact and risk assessment framework for cloud
security. In Cloud Computing (CLOUD), 2010 IEEE 3rd International Conference on Ieee,
2010, July; pp. 280-288.
[24] Shawish A, Salama M. Cloud computing: paradigms and technologies. In Inter-cooperative
collective intelligence: Techniques and applications, Springer, Berlin, Heidelberg, 2014, pp.
39-67
[25] Tanimoto S, Hiramoto M, Iwashita M, Sato H, Kanai A. (.Risk management on the security
problem in cloud computing. In Computers, Networks, Systems and Industrial Engineering
(CNSI), 2011 First ACIS/JNU International Conference on 2011, IEEE, May; pp. 147-152.
[26] West F.10 Reasons Why Cloud Computing is the Wave of the Future for the Recruitment
Sector. Accessed on June 10, 2014, available at:
http://www.westtek.co.uk/Users/frmBlogDetail.aspx?id=2.
[27] Ali O, Soar J, McClymont H, Yong J, Biswas J.). Anticipated benefits of cloud computing
adoption in Australian regional municipal governments: an exploratory study. In
Proceedings of the 19th Pacific Asia Conference on Information Systems (PACIS)
University of Southern Queensland, 2015, pp. 1-18.
[28] Charanjeet Singh and Dr. Tripat Deep Singh, a 3-Level Multifactor Authentication Scheme
for Cloud Computing, International Journal of Computer Engineering and Technology,
10(1), 2019, pp. 184-195.
[29] Gangu Dharmaraju, J. Divya Lalitha Sri and P. Satya Sruthi, A Cloud Computing Resolution
in Medical Care Institutions for Patient’s Data Collection. International Journal of Computer
Engineering and Technology, 7(6), 2016, pp. 83–90.
[30] Dr. V. Goutham and M. Tejaswini, A Denial of Service Strategy to Orchestrate Stealthy
Attack Patterns In Cloud Computing, International Journal of Computer Engineering and
Technology, 7(3), 2016, pp. 179–186.
[31] Damodar Tiwari, Shailendra Singh and Sanjeev Sharma, A Prediction Based Multi- Phases
Live Migration Approach to Minimize the Number of Transferred Pages, in Cloud
Computing Environment, International Journal of Computer Engineering & Technology,
9(3), 2018, pp. 23–31.
[32] Kuldeep Mishra, Ravi Rai Chaudhary and Dheresh Soni, A Premeditated Cdm Algorithm in
Cloud Computing Environment For Fpm, International Journal of Computer Engineering
and Technology (IJCET), Volume 4, Issue 4, July-August (2013)
[33] Hamad Balhareth, Cloud Computing Strategy and Adoption in Higher Education: The Case
of Saudi Arabia. International Journal of Information Technology & Management
Information System 9(1), 2018, pp. 30–38.